api

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 1, 2026 License: MIT Imports: 18 Imported by: 18

Documentation

Overview

Package api provides a low-level client for the Passbolt API.

Index

Constants

View Source
const (
	ForeignModelTypesResource ForeignModelTypes = "Resource"
	ForeignModelTypesSecret   ForeignModelTypes = "Secret"
	ForeignModelTypesFolder                     = "Folder"
	ForeignModelTypesComment                    = "Comment"
	ForeignModelTypesTag                        = "Tag"
)
View Source
const PassboltObjectTypeResourceMetadata = "PASSBOLT_RESOURCE_METADATA"
View Source
const PassboltObjectTypeSecretData = "PASSBOLT_SECRET_DATA"
View Source
const UserLocaleENUK = "en-UK"

Variables

View Source
var (
	// Authentication & session errors
	ErrNoPrivateKey       = errors.New("client has no user private key")
	ErrSessionNotFound    = errors.New("cannot find session cookie")
	ErrEmptyAuthToken     = errors.New("got empty X-GPGAuth-User-Auth-Token header")
	ErrMFAFailed          = errors.New("MFA challenge failed")
	ErrMFACallbackMissing = errors.New("MFA callback is not defined")

	// Data lookup errors
	ErrResourceTypeNotFound = errors.New("resource type not found")
	ErrMetadataKeyNotFound  = errors.New("metadata key not found")
	ErrNoMetadataPrivateKey = errors.New("no metadata private key for user")
	ErrInvalidUUID          = errors.New("UUID is not in valid format")
)
View Source
var ErrAPIResponseErrorStatusCode = errors.New("error API JSON Response Status")

ErrAPIResponseErrorStatusCode indicates the API returned an error status.

Deprecated: Use errors.As with *APIError instead.

View Source
var ErrAPIResponseUnknownStatusCode = errors.New("unknown API JSON Response Status")

ErrAPIResponseUnknownStatusCode indicates the API returned an unknown status.

Deprecated: Use errors.As with *APIError instead.

View Source
var ResourceSchemas = map[string]json.RawMessage{
	"v5-default": json.RawMessage(`
{
  "resource": {
    "type": "object",
    "required": ["name"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_RESOURCE_METADATA"]
      },
      "resource_type_id": {
        "type": "string"
      },
      "name": {
        "type": "string",
        "maxLength": 255
      },
      "username": {
        "type": ["string", "null"],
        "maxLength": 255
      },
      "uris": {
        "type": "array",
        "items": {
          "type": "string",
          "maxLength": 1024
        }
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      }
    }
  },
  "secret": {
    "type": "object",
    "required": ["password"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_SECRET_DATA"]
      },
      "password": {
        "type": ["string", "null"],
        "maxLength": 4096
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      }
    }
  }
}`),
	"v5-password-string": json.RawMessage(`
{
  "resource": {
    "type": "object",
    "required": ["name"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_RESOURCE_METADATA"]
      },
      "resource_type_id": {
        "type": "string"
      },
      "name": {
        "type": "string",
        "maxLength": 255
      },
      "username": {
        "type": ["string", "null"],
        "maxLength": 255
      },
      "uris": {
        "type": "array",
        "items": {
          "type": "string",
          "maxLength": 1024
        }
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      }
    }
  },
  "secret": {
    "type": "string",
    "maxLength": 4096
  }
}`),
	"v5-default-with-totp": json.RawMessage(`
{
  "resource": {
    "type": "object",
    "required": ["name"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_RESOURCE_METADATA"]
      },
      "resource_type_id": {
        "type": "string"
      },
      "name": {
        "type": "string",
        "maxLength": 255
      },
      "username": {
        "type": ["string", "null"],
        "maxLength": 255
      },
      "uris": {
        "type": "array",
        "items": {
          "type": "string",
          "maxLength": 1024
        }
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      }
    }
  },
  "secret": {
    "type": "object",
    "required": ["totp"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_SECRET_DATA"]
      },
      "password": {
        "type": ["string", "null"],
        "maxLength": 4096
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      },
      "totp": {
        "type": "object",
        "required": ["secret_key", "digits", "algorithm"],
        "properties": {
          "algorithm": {
            "type": "string",
            "minLength": 4,
            "maxLength": 6
          },
          "secret_key": {
            "type": "string",
            "maxLength": 1024
          },
          "digits": {
            "type": "number",
            "minimum": 6,
            "maximum": 8
          },
          "period": {
            "type": "number"
          }
        }
      }
    }
  }
}`),
	"v5-totp-standalone": json.RawMessage(`
{
  "resource": {
    "type": "object",
    "required": ["name"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_RESOURCE_METADATA"]
      },
      "resource_type_id": {
        "type": "string"
      },
      "name": {
        "type": "string",
        "maxLength": 255
      },
      "uris": {
        "type": "array",
        "items": {
          "type": "string",
          "maxLength": 1024
        }
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      }
    }
  },
  "secret": {
    "type": "object",
    "required": ["totp"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_SECRET_DATA"]
      },
      "totp": {
        "type": "object",
        "required": ["secret_key", "digits", "algorithm"],
        "properties": {
          "algorithm": {
            "type": "string",
            "minLength": 4,
            "maxLength": 6
          },
          "secret_key": {
            "type": "string",
            "maxLength": 1024
          },
          "digits": {
            "type": "number",
            "minimum": 6,
            "maximum": 8
          },
          "period": {
            "type": "number"
          }
        }
      }
    }
  }
}`),
	"v5-custom-fields": json.RawMessage(`
{
  "resource": {
    "type": "object",
    "required": ["name", "custom_fields"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_RESOURCE_METADATA"]
      },
      "resource_type_id": {
        "type": "string"
      },
      "name": {
        "type": "string",
        "maxLength": 255
      },
      "uris": {
        "type": "array",
        "items": {
          "type": "string",
          "maxLength": 1024
        }
      },
      "description": {
        "type": ["string", "null"],
        "maxLength": 10000
      },
      "custom_fields": {
        "type": "array",
        "maxItems": 128,
        "items": {
          "type": "object",
          "required": ["id", "type"],
          "properties": {
            "id": { "type": "string" },
            "type": {
              "type": "string",
              "enum": ["text", "password", "boolean", "number", "uri"]
            },
            "metadata_key": { "type": ["string", "null"] },
            "metadata_value": {}
          }
        }
      }
    }
  },
  "secret": {
    "type": "object",
    "required": ["custom_fields"],
    "additionalProperties": false,
    "properties": {
      "object_type": {
        "type": "string",
        "enum": ["PASSBOLT_SECRET_DATA"]
      },
      "custom_fields": {
        "type": "array",
        "maxItems": 128,
        "items": {
          "type": "object",
          "required": ["id", "type"],
          "properties": {
            "id": { "type": "string" },
            "type": {
              "type": "string",
              "enum": ["text", "password", "boolean", "number", "uri"]
            },
            "secret_key": { "type": ["string", "null"] },
            "secret_value": {}
          }
        }
      }
    }
  }
}`),
}

ResourceSchemas is a fallback schema, only to be used if we encounter a broken server (v5.0). Not API stable!

Functions

func FormatSessionKey added in v0.8.0

func FormatSessionKey(sk *crypto.SessionKey) string

FormatSessionKey converts a crypto.SessionKey to the server format "9:HEXHEX..."

func GetPrivateKeyFromArmor added in v0.8.0

func GetPrivateKeyFromArmor(privateKey string, passphrase []byte) (*crypto.Key, error)

Types

type APIError added in v0.8.0

type APIError struct {
	StatusCode int
	Message    string
	Body       string
}

APIError represents a structured error from the Passbolt API response. It carries the HTTP status code, server message, and response body, allowing consumers to inspect error details programmatically via errors.As.

func (*APIError) Error added in v0.8.0

func (e *APIError) Error() string

func (*APIError) Is added in v0.8.0

func (e *APIError) Is(target error) bool

Is supports backward compatibility with the deprecated sentinel errors. errors.Is(err, ErrAPIResponseErrorStatusCode) continues to work when err is an *APIError.

type APIHeader

type APIHeader struct {
	ID         string `json:"id"`
	Status     string `json:"status"`
	Servertime int    `json:"servertime"`
	Action     string `json:"action"`
	Message    string `json:"message"`
	URL        string `json:"url"`
	Code       int    `json:"code"`
}

APIHeader is the Struct representation of the Header of a APIResponse

type APIResponse

type APIResponse struct {
	Header APIHeader       `json:"header"`
	Body   json.RawMessage `json:"body"`
}

APIResponse is the Struct representation of a Json Response

type ARO

type ARO struct {
	User  `json:"-"`
	Group `json:"-"`
}

ARO is a User or a Group

func (ARO) MarshalJSON added in v0.8.0

func (a ARO) MarshalJSON() ([]byte, error)

MarshalJSON implements custom marshaling for ARO. It marshals the User if Username is set, otherwise the Group.

func (*ARO) UnmarshalJSON added in v0.8.0

func (a *ARO) UnmarshalJSON(data []byte) error

UnmarshalJSON implements custom unmarshaling for ARO. The API returns a flat array mixing User and Group objects, so we detect the type by checking for distinguishing fields.

type AuthenticationToken

type AuthenticationToken struct {
	Token string `json:"token,omitempty"`
}

type Avatar

type Avatar struct {
	ID         string `json:"id,omitempty"`
	UserID     string `json:"user_id,omitempty"`
	ForeignKey string `json:"foreign_key,omitempty"`
	Model      string `json:"model,omitempty"`
	Filename   string `json:"filename,omitempty"`
	Filesize   int    `json:"filesize,omitempty"`
	MimeType   string `json:"mime_type,omitempty"`
	Extension  string `json:"extension,omitempty"`
	Hash       string `json:"hash,omitempty"`
	Path       string `json:"path,omitempty"`
	Adapter    string `json:"adapter,omitempty"`
	Created    *Time  `json:"created,omitempty"`
	Modified   *Time  `json:"modified,omitempty"`
	URL        *URL   `json:"url,omitempty"`
}

Avatar is a Users Avatar

type Client

type Client struct {

	// MetadataKeyUpdatedCallback is Called by the Client when the Metadatakey has changed
	// trusted shows if this key has been signed and thus been trusted by another client of this user
	// the consumer should prompt the user about the keychange and save the new fingerprint (may be skipped if it is trusted).
	// If no error is returned then the new key will be accepted and its fingerprint set in the client
	MetadataKeyUpdatedCallback func(ctx context.Context, trusted bool, fingerprint string, signTime time.Time) error

	// used for solving MFA challenges. You can block this to for example wait for user input.
	// You shouden't run any unrelated API Calls while you are in this callback.
	// You need to Return the Cookie that Passbolt expects to verify you MFA, usually it is called passbolt_mfa
	MFACallback func(ctx context.Context, c *Client, res *APIResponse) (http.Cookie, error)

	// Enable Debug Logging
	Debug bool
	// contains filtered or unexported fields
}

Client is a Client struct for the Passbolt api. The Client is thread-safe for concurrent use. All crypto operations and cache access are protected by internal mutexes.

func NewClient

func NewClient(httpClient *http.Client, UserAgent, BaseURL, UserPrivateKey, UserPassword string) (*Client, error)

NewClient Returns a new Passbolt Client. if httpClient is nil http.DefaultClient will be used. if UserAgent is "" "goPassboltClient/1.0" will be used. if UserPrivateKey is "" Key Setup is Skipped to Enable using the Client for User Registration, Most other function will be broken. After Registration a new Client Should be Created.

func (*Client) AddPendingSessionKey added in v0.8.0

func (c *Client) AddPendingSessionKey(foreignModel ForeignModelTypes, foreignID string, sessionKey *crypto.SessionKey)

AddPendingSessionKey adds a session key to the pending list for later saving

func (*Client) CheckSession

func (c *Client) CheckSession(ctx context.Context) bool

CheckSession Check to see if you have a Valid Session

func (*Client) ClearCache added in v0.8.0

func (c *Client) ClearCache()

ClearCache clears all cached data

func (*Client) ClearMetadataKeysCache added in v0.8.0

func (c *Client) ClearMetadataKeysCache()

ClearMetadataKeysCache clears the metadata keys cache with secure memory zeroing

func (*Client) ClearResourceTypesCache added in v0.8.0

func (c *Client) ClearResourceTypesCache()

ClearResourceTypesCache clears the resource types cache

func (*Client) ClearSessionKeyCache added in v0.8.0

func (c *Client) ClearSessionKeyCache()

ClearSessionKeyCache clears the session key cache with secure memory zeroing

func (*Client) CreateComment

func (c *Client) CreateComment(ctx context.Context, resourceID string, comment Comment) (*Comment, error)

CreateComment Creates a new Passbolt Comment

func (*Client) CreateFavorite

func (c *Client) CreateFavorite(ctx context.Context, resourceID string) (*Favorite, error)

CreateFavorite Creates a new Passbolt Favorite for the given Resource ID

func (*Client) CreateFolder

func (c *Client) CreateFolder(ctx context.Context, folder Folder) (*Folder, error)

CreateFolder Creates a new Passbolt Folder

func (*Client) CreateGroup

func (c *Client) CreateGroup(ctx context.Context, group Group) (*Group, error)

CreateGroup Creates a new Passbolt Group

func (*Client) CreateResource

func (c *Client) CreateResource(ctx context.Context, resource Resource) (*Resource, error)

CreateResource Creates a new Passbolt Resource

func (*Client) CreateSessionKeysBundle added in v0.8.0

func (c *Client) CreateSessionKeysBundle(ctx context.Context, encryptedData string) (*MetadataSessionKey, error)

CreateSessionKeysBundle creates a new session keys bundle on the server

func (*Client) CreateUser

func (c *Client) CreateUser(ctx context.Context, user User) (*User, error)

CreateUser Creates a new Passbolt User

func (*Client) DecryptMessage

func (c *Client) DecryptMessage(armoredCiphertext string) (string, error)

DecryptMessage decrypts a message using the users Private Key. This method is thread-safe.

func (*Client) DecryptMessageWithPrivateKeyAndReturnSessionKey added in v0.8.0

func (c *Client) DecryptMessageWithPrivateKeyAndReturnSessionKey(privateKey *crypto.Key, armoredCiphertext string) (string, *crypto.SessionKey, error)

DecryptMessageWithPrivateKeyAndReturnSessionKey decrypts a message using the provided private key. Returns the session key so that it can be saved in a cache. This method is thread-safe.

func (*Client) DecryptMessageWithSessionKey added in v0.8.0

func (c *Client) DecryptMessageWithSessionKey(sessionKey *crypto.SessionKey, ciphertextArmored string) (string, error)

DecryptMessageWithSessionKey Decrypts a Message using the Provided Session Key

func (*Client) DecryptMetadata added in v0.8.0

func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error)

DecryptMetadata decrypts metadata using the provided key. For session key caching, use DecryptMetadataWithKeyID instead.

func (*Client) DecryptMetadataWithKeyID added in v0.8.0

func (c *Client) DecryptMetadataWithKeyID(metadataKeyID string, metadataKey *crypto.Key, armoredCiphertext string) (string, error)

DecryptMetadataWithKeyID decrypts metadata using the provided key and caches the session key. The metadataKeyID is used as the cache key for session key caching. If metadataKeyID is empty, session key caching is disabled. For resource-aware caching (using pre-fetched session keys), use DecryptMetadataWithResourceID instead. This method is thread-safe: multiple goroutines can call this method concurrently with the same metadataKey.

func (*Client) DecryptMetadataWithResourceID added in v0.8.0

func (c *Client) DecryptMetadataWithResourceID(resourceID, metadataKeyID string, metadataKey *crypto.Key, armoredCiphertext string) (string, error)

DecryptMetadataWithResourceID decrypts metadata with resource-aware session key caching. It first checks for a pre-fetched session key by resource ID (from metadata_session_keys table), then falls back to metadata key ID cache, and finally to full asymmetric decryption. This function provides the best performance when PreFetchCaches() has been called. This method is thread-safe: multiple goroutines can call this method concurrently with the same metadataKey.

func (*Client) DecryptSecretWithResourceID added in v0.8.0

func (c *Client) DecryptSecretWithResourceID(resourceID string, armoredCiphertext string) (string, error)

DecryptSecretWithResourceID decrypts a secret using the user's private key. Secrets are always encrypted per-user, so no session key caching is needed. Session key caching is only used for metadata decryption (shared metadata keys).

func (*Client) DeleteComment

func (c *Client) DeleteComment(ctx context.Context, commentID string) error

DeleteComment Deletes a Passbolt Comment

func (*Client) DeleteFavorite

func (c *Client) DeleteFavorite(ctx context.Context, favoriteID string) error

DeleteFavorite Deletes a Passbolt Favorite

func (*Client) DeleteFolder

func (c *Client) DeleteFolder(ctx context.Context, folderID string) error

DeleteFolder Deletes a Passbolt Folder

func (*Client) DeleteGroup

func (c *Client) DeleteGroup(ctx context.Context, groupID string) error

DeleteGroup Deletes a Passbolt Group

func (*Client) DeleteResource

func (c *Client) DeleteResource(ctx context.Context, resourceID string) error

DeleteResource Deletes a Passbolt Resource

func (*Client) DeleteSessionKey added in v0.8.0

func (c *Client) DeleteSessionKey(ctx context.Context, sessionKeyID string) error

DeleteSessionKey Deletes a Passbolt SessionKey

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, userID string) error

DeleteUser Deletes a Passbolt User

func (*Client) DeleteUserDryrun

func (c *Client) DeleteUserDryrun(ctx context.Context, userID string) error

DeleteUserDryrun Check if a Passbolt User is Deleteable

func (*Client) DoCustomRequest deprecated

func (c *Client) DoCustomRequest(ctx context.Context, method, path, version string, body interface{}, opts interface{}) (*APIResponse, error)

DoCustomRequest Executes a Custom Request and returns a APIResponse

Deprecated: DoCustomRequest is deprecated. Use DoCustomRequestV5 instead

func (*Client) DoCustomRequestAndReturnRawResponse deprecated

func (c *Client) DoCustomRequestAndReturnRawResponse(ctx context.Context, method, path, version string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error)

DoCustomRequestAndReturnRawResponse Executes a Custom Request and returns a APIResponse and the Raw HTTP Response

Deprecated: DoCustomRequestAndReturnRawResponse is deprecated. Use DoCustomRequestAndReturnRawResponseV5 instead

func (*Client) DoCustomRequestAndReturnRawResponseV5 added in v0.8.0

func (c *Client) DoCustomRequestAndReturnRawResponseV5(ctx context.Context, method, path string, body interface{}, opts interface{}) (*http.Response, *APIResponse, error)

func (*Client) DoCustomRequestV5 added in v0.8.0

func (c *Client) DoCustomRequestV5(ctx context.Context, method, path string, body interface{}, opts interface{}) (*APIResponse, error)

DoCustomRequestV5 Executes a Custom Request and returns a APIResponse

func (*Client) EncryptMessage

func (c *Client) EncryptMessage(message string) (string, error)

EncryptMessage encrypts a message using the users public key and then signes the message using the users private key. This method is thread-safe.

func (*Client) EncryptMessageWithKey added in v0.8.0

func (c *Client) EncryptMessageWithKey(publicKey *crypto.Key, message string) (string, error)

EncryptMessageWithKey encrypts a message using the provided key and then signes the message using the users private key. This method is thread-safe.

func (*Client) EncryptMessageWithPublicKey deprecated

func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error)

EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key

Deprecated: EncryptMessageWithPublicKey is deprecated. Use EncryptMessageWithKey instead

func (*Client) EncryptMetadata added in v0.8.0

func (c *Client) EncryptMetadata(metadataKey *crypto.Key, data string) (string, error)

func (*Client) FetchAndCacheSessionKeys added in v0.8.0

func (c *Client) FetchAndCacheSessionKeys(ctx context.Context) (int, error)

FetchAndCacheSessionKeys fetches all metadata session keys from the server, decrypts the PGP message, and caches all per-resource session keys. The metadata_session_keys table contains ONE row per user with a SINGLE PGP message that, when decrypted, contains ALL session keys for all resources the user can access. Returns the number of session keys cached.

func (*Client) GetComments

func (c *Client) GetComments(ctx context.Context, resourceID string, opts *GetCommentsOptions) ([]Comment, error)

GetComments gets all Passbolt Comments an The Specified Resource

func (*Client) GetDecryptedMetadataKeyCached added in v0.8.0

func (c *Client) GetDecryptedMetadataKeyCached(ctx context.Context, id string) (*crypto.Key, error)

GetDecryptedMetadataKeyCached returns a copy of a cached decrypted metadata key by ID. If not in cache, it will fetch and decrypt the key.

The returned key is a copy that the caller owns and can use without synchronization. This allows multiple goroutines to decrypt metadata concurrently without contention.

func (*Client) GetFolder

func (c *Client) GetFolder(ctx context.Context, folderID string, opts *GetFolderOptions) (*Folder, error)

GetFolder gets a Passbolt Folder

func (*Client) GetFolders

func (c *Client) GetFolders(ctx context.Context, opts *GetFoldersOptions) ([]Folder, error)

GetFolders gets all Folders from the Passboltserver

func (*Client) GetGPGKey

func (c *Client) GetGPGKey(ctx context.Context, gpgkeyID string) (*GPGKey, error)

GetGPGKey gets a Passbolt GPGKey

func (*Client) GetGPGKeys

func (c *Client) GetGPGKeys(ctx context.Context, opts *GetGPGKeysOptions) ([]GPGKey, error)

GetGPGKeys gets all Passbolt GPGKeys

func (*Client) GetGroup

func (c *Client) GetGroup(ctx context.Context, groupID string) (*Group, error)

GetGroup gets a Passbolt Group

func (*Client) GetGroups

func (c *Client) GetGroups(ctx context.Context, opts *GetGroupsOptions) ([]Group, error)

GetGroups gets all Passbolt Groups

func (*Client) GetHealthCheckStatus

func (c *Client) GetHealthCheckStatus(ctx context.Context) (string, error)

GetHealthCheckStatus gets the Server Status

func (*Client) GetMe

func (c *Client) GetMe(ctx context.Context) (*User, error)

GetMe gets the currently logged in Passbolt User

func (*Client) GetMetadataKey added in v0.8.0

func (c *Client) GetMetadataKey(ctx context.Context, personal bool) (string, MetadataKeyType, *crypto.Key, error)

GetMetadataKey gets a Metadata key, Personal indicates if the function should return the personal key, If personal keys have been disabled on the server then we return the shared key Returns the Key ID, Key Type and the Key itself

func (*Client) GetMetadataKeyByID added in v0.8.0

func (c *Client) GetMetadataKeyByID(ctx context.Context, id string) (*crypto.Key, error)

GetMetadataKeyByID is for fetching a specific metadatakey if needed for decryption, these are not verified.

func (*Client) GetMetadataKeys added in v0.8.0

func (c *Client) GetMetadataKeys(ctx context.Context, opts *GetMetadataKeysOptions) ([]MetadataKey, error)

GetMetadataKeys gets all Passbolt GetMetadataKeys

func (*Client) GetMetadataKeysCached added in v0.8.0

func (c *Client) GetMetadataKeysCached(ctx context.Context) ([]MetadataKey, error)

GetMetadataKeysCached returns cached metadata keys, fetching from API if cache is empty

func (*Client) GetMetadataSessionKeys added in v0.8.0

func (c *Client) GetMetadataSessionKeys(ctx context.Context) ([]MetadataSessionKey, error)

GetMetadataSessionKeys gets the Metadata Session Keys

func (*Client) GetPGPHandle added in v0.8.0

func (c *Client) GetPGPHandle() *crypto.PGPHandle

GetPGPHandle Gets the Gopgenpgp Handler

func (*Client) GetPasswordExpirySettings added in v0.8.0

func (c *Client) GetPasswordExpirySettings() PasswordExpirySettings

GetPasswordExpirySettings returns the password expiry settings for the client

func (*Client) GetPendingSessionKeys added in v0.8.0

func (c *Client) GetPendingSessionKeys() []*PendingSessionKey

GetPendingSessionKeys returns all pending session keys and clears the pending list

func (*Client) GetPendingSessionKeysCount added in v0.8.0

func (c *Client) GetPendingSessionKeysCount() int

GetPendingSessionKeysCount returns the number of pending session keys without clearing

func (*Client) GetPublicKey

func (c *Client) GetPublicKey(ctx context.Context) (string, string, error)

GetPublicKey gets the Public Key and Fingerprint of the Passbolt instance

func (*Client) GetResource

func (c *Client) GetResource(ctx context.Context, resourceID string) (*Resource, error)

GetResource gets a Passbolt Resource

func (*Client) GetResourcePermissions

func (c *Client) GetResourcePermissions(ctx context.Context, resourceID string) ([]Permission, error)

GetResourcePermissions gets a Resources Permissions

func (*Client) GetResourceType

func (c *Client) GetResourceType(ctx context.Context, typeID string) (*ResourceType, error)

GetResourceType gets a Passbolt Type

func (*Client) GetResourceTypeBySlugCached added in v0.8.0

func (c *Client) GetResourceTypeBySlugCached(ctx context.Context, slug string) (*ResourceType, error)

GetResourceTypeBySlugCached returns a cached resource type by slug

func (*Client) GetResourceTypeCached added in v0.8.0

func (c *Client) GetResourceTypeCached(ctx context.Context, typeID string) (*ResourceType, error)

GetResourceTypeCached returns a cached resource type by ID, fetching from API if not in cache

func (*Client) GetResourceTypes

func (c *Client) GetResourceTypes(ctx context.Context, opts *GetResourceTypesOptions) ([]ResourceType, error)

GetResourceTypes gets all Passbolt Resource Types

func (*Client) GetResourceTypesCached added in v0.8.0

func (c *Client) GetResourceTypesCached(ctx context.Context) ([]ResourceType, error)

GetResourceTypesCached returns cached resource types, fetching from API if cache is empty

func (*Client) GetResources

func (c *Client) GetResources(ctx context.Context, opts *GetResourcesOptions) ([]Resource, error)

GetResources gets all Passbolt Resources

func (*Client) GetRoles

func (c *Client) GetRoles(ctx context.Context) ([]Role, error)

GetRoles gets all Passbolt Roles

func (*Client) GetSecret

func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error)

GetSecret gets a Passbolt Secret

func (*Client) GetServerMetadataKeySettings added in v0.8.0

func (c *Client) GetServerMetadataKeySettings(ctx context.Context) (*MetadataKeySettings, error)

GetServerMetadataKeySettings gets the Servers Settings about which Key to use, usually you should use MetadataKeySettings instead

func (*Client) GetServerMetadataTypeSettings added in v0.8.0

func (c *Client) GetServerMetadataTypeSettings(ctx context.Context) (*MetadataTypeSettings, error)

GetServerMetadataTypeSettings gets the Servers Settings about which Types to use, usually you should use MetadataTypeSettings instead

func (*Client) GetServerSettings added in v0.8.0

func (c *Client) GetServerSettings(ctx context.Context) (*ServerSettingsResponse, error)

GetServerSettings gets the Server Settings

func (*Client) GetSessionKeyByMetadataKeyID added in v0.8.0

func (c *Client) GetSessionKeyByMetadataKeyID(metadataKeyID string) *crypto.SessionKey

GetSessionKeyByMetadataKeyID retrieves a cached session key by metadata key ID. These session keys are extracted during decrypt and cached as fallback. Returns a clone of the cached key to prevent callers from modifying the cache.

func (*Client) GetSessionKeyByResourceID added in v0.8.0

func (c *Client) GetSessionKeyByResourceID(resourceID string) *crypto.SessionKey

GetSessionKeyByResourceID retrieves a cached session key by resource ID. These session keys come from the metadata_session_keys table. Returns a clone of the cached key to prevent callers from modifying the cache.

func (*Client) GetTrustedMetadatakeyFingerprint added in v0.8.0

func (c *Client) GetTrustedMetadatakeyFingerprint() *string

GetTrustedMetadatakeyFingerprint returns the trusted metadata key fingerprint.

func (*Client) GetUser

func (c *Client) GetUser(ctx context.Context, userID string) (*User, error)

GetUser gets a Passbolt User

func (*Client) GetUserID

func (c *Client) GetUserID() string

GetUserID Gets the ID of the Current User

func (*Client) GetUserPrivateKeyCopy added in v0.8.0

func (c *Client) GetUserPrivateKeyCopy() (*crypto.Key, error)

GetUserPrivateKeyCopy returns a copy of the user's private key. This method is thread-safe.

func (*Client) GetUsers

func (c *Client) GetUsers(ctx context.Context, opts *GetUsersOptions) ([]User, error)

GetUsers gets all Passbolt Users

func (*Client) Login

func (c *Client) Login(ctx context.Context) error

Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar. This method is thread-safe.

func (*Client) Logout

func (c *Client) Logout(ctx context.Context) error

Logout closes the current Session on the Passbolt server. IMPORTANT: After logout, the client's user private key is securely zeroed and cleared. The client becomes permanently invalid and CANNOT be reused or re-logged in. For a new session, create a new client instance with NewClient(). This method is thread-safe.

func (*Client) MetadataKeySettings added in v0.8.0

func (c *Client) MetadataKeySettings() MetadataKeySettings

MetadataKeySettings Gives the Current MetadataKeySettings

func (*Client) MetadataTypeSettings added in v0.8.0

func (c *Client) MetadataTypeSettings() MetadataTypeSettings

MetadataTypeSettings Gives the Current MetadataTypeSettings

func (*Client) MoveFolder

func (c *Client) MoveFolder(ctx context.Context, folderID, folderParentID string) error

MoveFolder Moves a Passbolt Folder

func (*Client) MoveResource

func (c *Client) MoveResource(ctx context.Context, resourceID, folderParentID string) error

MoveResource Moves a Passbolt Resource

func (*Client) PerformHealthCheck

func (c *Client) PerformHealthCheck(ctx context.Context) (json.RawMessage, error)

PerformHealthCheck performs a Health Check

func (*Client) PreDecryptAllMetadataPrivateKeys added in v0.8.0

func (c *Client) PreDecryptAllMetadataPrivateKeys(ctx context.Context) (int, error)

PreDecryptAllMetadataPrivateKeys pre-decrypts all metadata private keys and caches them. This is typically called during login to avoid lazy decryption later. Returns the number of keys decrypted.

func (*Client) PreFetchCaches added in v0.8.0

func (c *Client) PreFetchCaches(ctx context.Context) (sessionCount, metadataKeyCount int, err error)

PreFetchCaches pre-fetches and caches session keys and metadata private keys. This should be called after Login() when the server supports v5 metadata. Returns the count of session keys cached, metadata keys decrypted, and any error.

func (*Client) SavePendingSessionKeys added in v0.8.0

func (c *Client) SavePendingSessionKeys(ctx context.Context) (int, error)

SavePendingSessionKeys saves all pending session keys to the server. It fetches existing bundles, merges with pending keys, encrypts, and saves. Returns the number of session keys saved.

func (*Client) SearchAROs

func (c *Client) SearchAROs(ctx context.Context, opts SearchAROsOptions) ([]ARO, error)

SearchAROs gets all Passbolt AROs

func (*Client) SetSessionKeyByMetadataKeyID added in v0.8.0

func (c *Client) SetSessionKeyByMetadataKeyID(metadataKeyID string, sessionKey *crypto.SessionKey)

SetSessionKeyByMetadataKeyID stores a session key for a metadata key ID

func (*Client) SetSessionKeyByResourceID added in v0.8.0

func (c *Client) SetSessionKeyByResourceID(resourceID string, sessionKey *crypto.SessionKey)

SetSessionKeyByResourceID stores a session key for a specific resource ID

func (*Client) SetTrustedMetadatakeyFingerprint added in v0.8.0

func (c *Client) SetTrustedMetadatakeyFingerprint(fingerprint string, signTime time.Time)

SetTrustedMetadatakeyFingerprint sets the trusted metadata key fingerprint.

func (*Client) SetupComplete

func (c *Client) SetupComplete(ctx context.Context, userID string, request SetupCompleteRequest) error

SetupComplete Completes setup of a Passbolt Account

func (*Client) SetupInstall

func (c *Client) SetupInstall(ctx context.Context, userID, token string) (*SetupInstallResponse, error)

SetupInstall validates the userid and token used for Account setup, gives back the User Information

func (*Client) SetupServerVerification

func (c *Client) SetupServerVerification(ctx context.Context) (string, string, error)

SetupServerVerification sets up Server Verification, Only works before login

func (*Client) ShareFolder

func (c *Client) ShareFolder(ctx context.Context, folderID string, permissions []Permission) error

ShareFolder Shares a Folder with AROs

func (*Client) ShareResource

func (c *Client) ShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) error

ShareResource Shares a Resource with AROs

func (*Client) SimulateShareResource

func (c *Client) SimulateShareResource(ctx context.Context, resourceID string, shareRequest ResourceShareRequest) (*ResourceShareSimulationResult, error)

SimulateShareResource Simulates Shareing a Resource with AROs

func (*Client) UpdateComment

func (c *Client) UpdateComment(ctx context.Context, commentID string, comment Comment) (*Comment, error)

UpdateComment Updates a existing Passbolt Comment

func (*Client) UpdateFolder

func (c *Client) UpdateFolder(ctx context.Context, folderID string, folder Folder) (*Folder, error)

UpdateFolder Updates a existing Passbolt Folder

func (*Client) UpdateGroup

func (c *Client) UpdateGroup(ctx context.Context, groupID string, update GroupUpdate) (*Group, error)

UpdateGroup Updates a existing Passbolt Group

func (*Client) UpdateGroupDryRun

func (c *Client) UpdateGroupDryRun(ctx context.Context, groupID string, update GroupUpdate) (*UpdateGroupDryRunResult, error)

UpdateGroupDryRun Checks that a Passbolt Group update passes validation

func (*Client) UpdateResource

func (c *Client) UpdateResource(ctx context.Context, resourceID string, resource Resource) (*Resource, error)

UpdateResource Updates a existing Passbolt Resource

func (*Client) UpdateSessionKeysBundle added in v0.8.0

func (c *Client) UpdateSessionKeysBundle(ctx context.Context, bundleID string, encryptedData string, modified Time) (*MetadataSessionKey, error)

UpdateSessionKeysBundle updates an existing session keys bundle on the server. The modified parameter is required for optimistic locking - it must match the current modified timestamp on the server to prevent concurrent modifications.

func (*Client) UpdateUser

func (c *Client) UpdateUser(ctx context.Context, userID string, user User) (*User, error)

UpdateUser Updates a existing Passbolt User

func (*Client) VerifyServer

func (c *Client) VerifyServer(ctx context.Context, token, encToken string) error

VerifyServer verifys that the Server is still the same one as during the Setup, Only works before login. This method is thread-safe.

type Comment

type Comment struct {
	ID           string    `json:"id,omitempty"`
	ParentID     string    `json:"parent_id,omitempty"`
	ForeignKey   string    `json:"foreign_key,omitempty"`
	Content      string    `json:"content,omitempty"`
	ForeignModel string    `json:"foreign_model,omitempty"`
	Created      *Time     `json:"created,omitempty"`
	CreatedBy    string    `json:"created_by,omitempty"`
	UserID       string    `json:"user_id,omitempty"`
	Description  string    `json:"description,omitempty"`
	Modified     *Time     `json:"modified,omitempty"`
	ModifiedBy   string    `json:"modified_by,omitempty"`
	Children     []Comment `json:"children,omitempty"`
}

Comment is a Comment

type Favorite

type Favorite struct {
	ID           string `json:"id,omitempty"`
	Created      *Time  `json:"created,omitempty"`
	ForeignKey   string `json:"foreign_key,omitempty"`
	ForeignModel string `json:"foreign_model,omitempty"`
	Modified     *Time  `json:"modified,omitempty"`
}

Favorite is a Favorite

type Folder

type Folder struct {
	ID                string       `json:"id,omitempty"`
	Created           *Time        `json:"created,omitempty"`
	CreatedBy         string       `json:"created_by,omitempty"`
	Modified          *Time        `json:"modified,omitempty"`
	ModifiedBy        string       `json:"modified_by,omitempty"`
	Name              string       `json:"name,omitempty"`
	Permissions       []Permission `json:"permissions,omitempty"`
	FolderParentID    string       `json:"folder_parent_id,omitempty"`
	Personal          bool         `json:"personal,omitempty"`
	ChildrenResources []Resource   `json:"children_resources,omitempty"`
	ChildrenFolders   []Folder     `json:"children_folders,omitempty"`
}

Folder is a Folder

type ForeignModelTypes added in v0.8.0

type ForeignModelTypes string

func (ForeignModelTypes) IsValid added in v0.8.0

func (s ForeignModelTypes) IsValid() bool

type GPGAuth

type GPGAuth struct {
	KeyID string `json:"keyid"`
	Token string `json:"user_token_result,omitempty"`
}

GPGAuth is used for login

type GPGKey

type GPGKey struct {
	ID          string `json:"id,omitempty"`
	ArmoredKey  string `json:"armored_key,omitempty"`
	Created     *Time  `json:"created,omitempty"`
	KeyCreated  *Time  `json:"key_created,omitempty"`
	Bits        int    `json:"bits,omitempty"`
	Deleted     bool   `json:"deleted,omitempty"`
	Modified    *Time  `json:"modified,omitempty"`
	KeyID       string `json:"key_id,omitempty"`
	Fingerprint string `json:"fingerprint,omitempty"`
	Type        string `json:"type,omitempty"`
	Expires     *Time  `json:"expires,omitempty"`
	UserID      string `json:"user_id,omitempty"`
	UID         string `json:"uid,omitempty"`
}

GPGKey is a GPGKey

type GPGVerify

type GPGVerify struct {
	KeyID string `json:"keyid"`
	Token string `json:"server_verify_token,omitempty"`
}

GPGVerify is used for verification

type GPGVerifyContainer

type GPGVerifyContainer struct {
	Req GPGVerify `json:"gpg_auth"`
}

GPGVerifyContainer is used for verification

type GetCommentsOptions

type GetCommentsOptions struct {
	ContainCreator  bool `url:"contain[creator],omitempty"`
	ContainModifier bool `url:"contain[modifier],omitempty"`
}

GetCommentsOptions are all available query parameters

type GetFolderOptions

type GetFolderOptions struct {
	ContainChildrenResources     bool `url:"contain[children_resources],omitempty"`
	ContainChildrenFolders       bool `url:"contain[children_folders],omitempty"`
	ContainCreator               bool `url:"contain[creator],omitempty"`
	ContainCreatorProfile        bool `url:"contain[creator.profile],omitempty"`
	ContainModifier              bool `url:"contain[modifier],omitempty"`
	ContainModiferProfile        bool `url:"contain[modifier.profile],omitempty"`
	ContainPermission            bool `url:"contain[permission],omitempty"`
	ContainPermissions           bool `url:"contain[permissions],omitempty"`
	ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
	ContainPermissionGroup       bool `url:"contain[permissions.group],omitempty"`
}

GetFolderOptions are all available query parameters

type GetFoldersOptions

type GetFoldersOptions struct {
	ContainChildrenResources     bool `url:"contain[children_resources],omitempty"`
	ContainChildrenFolders       bool `url:"contain[children_folders],omitempty"`
	ContainCreator               bool `url:"contain[creator],omitempty"`
	ContainCreatorProfile        bool `url:"contain[creator.profile],omitempty"`
	ContainModifier              bool `url:"contain[modifier],omitempty"`
	ContainModiferProfile        bool `url:"contain[modifier.profile],omitempty"`
	ContainPermission            bool `url:"contain[permission],omitempty"`
	ContainPermissions           bool `url:"contain[permissions],omitempty"`
	ContainPermissionUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
	ContainPermissionGroup       bool `url:"contain[permissions.group],omitempty"`

	FilterHasID     []string `url:"filter[has-id][],omitempty"`
	FilterHasParent []string `url:"filter[has-parent][],omitempty"`
	FilterSearch    string   `url:"filter[search],omitempty"`
}

GetFoldersOptions are all available query parameters

type GetGPGKeysOptions

type GetGPGKeysOptions struct {
	// This is a Unix TimeStamp
	FilterModifiedAfter int `url:"filter[modified-after],omitempty"`
}

GetGPGKeysOptions are all available query parameters

type GetGroupsOptions

type GetGroupsOptions struct {
	FilterHasUsers    []string `url:"filter[has_users],omitempty"`
	FilterHasManagers []string `url:"filter[has-managers],omitempty"`

	ContainModifier               bool `url:"contain[modifier],omitempty"`
	ContainModifierProfile        bool `url:"contain[modifier.profile],omitempty"`
	ContainMyGroupUser            bool `url:"contain[my_group_user],omitempty"`
	ContainUsers                  bool `url:"contain[users],omitempty"`
	ContainGroupsUsers            bool `url:"contain[groups_users],omitempty"`
	ContainGroupsUsersUser        bool `url:"contain[groups_users.user],omitempty"`
	ContainGroupsUsersUserProfile bool `url:"contain[groups_users.user.profile],omitempty"`
	ContainGroupsUsersUserGPGKey  bool `url:"contain[groups_users.user.gpgkey],omitempty"`
}

GetGroupsOptions are all available query parameters

type GetMetadataKeysOptions added in v0.8.0

type GetMetadataKeysOptions struct {
	FilterDeleted bool `url:"filter[deleted],omitempty"`
	FilterExpired bool `url:"filter[expired],omitempty"`

	ContainMetadataPrivateKeys bool `url:"contain[metadata_private_keys],omitempty"`
}

GetMetadataKeysOptions are all available query parameters

type GetResourceTypesOptions

type GetResourceTypesOptions struct {
}

GetResourceTypesOptions is a placeholder for future options

type GetResourcesOptions

type GetResourcesOptions struct {
	FilterIsFavorite        bool     `url:"filter[is-favorite],omitempty"`
	FilterIsSharedWithGroup string   `url:"filter[is-shared-with-group],omitempty"`
	FilterIsOwnedByMe       bool     `url:"filter[is-owned-by-me],omitempty"`
	FilterIsSharedWithMe    bool     `url:"filter[is-shared-with-me],omitempty"`
	FilterHasID             []string `url:"filter[has-id][],omitempty"`
	// Parent Folder id
	FilterHasParent []string `url:"filter[has-parent][],omitempty"`
	FilterHasTag    string   `url:"filter[has-tag],omitempty"`
	// TODO Are undescores correct heare?
	MetadataKeyType MetadataKeyType `url:"filter[metadata_key_type],omitempty"`

	ContainCreator                bool `url:"contain[creator],omitempty"`
	ContainFavorites              bool `url:"contain[favorite],omitempty"`
	ContainModifier               bool `url:"contain[modifier],omitempty"`
	ContainSecret                 bool `url:"contain[secret],omitempty"`
	ContainResourceType           bool `url:"contain[resource-type],omitempty"`
	ContainPermissions            bool `url:"contain[permission],omitempty"`
	ContainPermissionsUserProfile bool `url:"contain[permissions.user.profile],omitempty"`
	ContainPermissionsGroup       bool `url:"contain[permissions.group],omitempty"`
	ContainTags                   bool `url:"contain[tag],omitempty"`
}

GetResourcesOptions are all available query parameters

type GetUsersOptions

type GetUsersOptions struct {
	FilterSearch    string   `url:"filter[search],omitempty"`
	FilterHasGroup  []string `url:"filter[has-group][],omitempty"`
	FilterHasAccess []string `url:"filter[has-access][],omitempty"`
	FilterIsAdmin   bool     `url:"filter[is-admin],omitempty"`
	// Admin only, TODO are underscores correct?
	MissingMetadataKeyIDs bool `url:"filter[missing_metadata_key_ids],omitempty"`

	ContainLastLoggedIn bool `url:"contain[LastLoggedIn],omitempty"`
}

GetUsersOptions are all available query parameters

type Group

type Group struct {
	ID         string `json:"id,omitempty"`
	Name       string `json:"name,omitempty"`
	Created    *Time  `json:"created,omitempty"`
	CreatedBy  string `json:"created_by,omitempty"`
	Deleted    bool   `json:"deleted,omitempty"`
	Modified   *Time  `json:"modified,omitempty"`
	ModifiedBy string `json:"modified_by,omitempty"`
	UserCount  int    `json:"user_count,omitempty"`
	// This does not Contain Profile for Users Anymore...
	GroupUsers []GroupMembership `json:"groups_users,omitempty"`
	// This is new and undocumented but as all the data
	Users []GroupUser `json:"users,omitempty"`
}

Group is a Group

type GroupJoinData

type GroupJoinData struct {
	ID      string `json:"id,omitempty"`
	GroupID string `json:"group_id,omitempty"`
	UserID  string `json:"user_id,omitempty"`
	IsAdmin bool   `json:"is_admin,omitempty"`
	Created *Time  `json:"created,omitempty"`
}

type GroupMembership

type GroupMembership struct {
	ID      string `json:"id,omitempty"`
	UserID  string `json:"user_id,omitempty"`
	GroupID string `json:"group_id,omitempty"`
	IsAdmin bool   `json:"is_admin,omitempty"`
	Delete  bool   `json:"delete,omitempty"`
	User    User   `json:"user,omitempty"`
	Created *Time  `json:"created,omitempty"`
}

type GroupSecret

type GroupSecret struct {
	Secret []Secret `json:"secret,omitempty"`
}

GroupSecret is a unnessesary container...

type GroupUpdate

type GroupUpdate struct {
	Name         string            `json:"name,omitempty"`
	GroupChanges []GroupMembership `json:"groups_users,omitempty"`
	Secrets      []Secret          `json:"secrets,omitempty"`
}

type GroupUser

type GroupUser struct {
	User
	JoinData GroupJoinData `json:"_join_data,omitempty"`
}

type Login

type Login struct {
	Auth *GPGAuth `json:"gpg_auth"`
}

Login is used for login

type MFAChallenge added in v0.6.0

type MFAChallenge struct {
	Provider MFAProviders `json:"providers,omitempty"`
}

type MFAChallengeResponse added in v0.6.0

type MFAChallengeResponse struct {
	TOTP string `json:"totp,omitempty"`
}

type MFAProviders

type MFAProviders struct {
	TOTP string `json:"totp,omitempty"`
}

type MetadataKey added in v0.8.0

type MetadataKey struct {
	ID          string `json:"id,omitempty"`
	Fingerprint string `json:"fingerprint,omitempty"`
	ArmoredKey  string `json:"armored_key,omitempty"`
	Created     Time   `json:"created,omitempty"`
	Modified    Time   `json:"modified,omitempty"`

	CreatedBy  *string `json:"created_by,omitempty"`
	ModifiedBy *string `json:"modified_by,omitempty"`

	MetadataPrivateKeys []MetadataPrivateKey `json:"metadata_private_keys,omitempty"`
}

MetadataKey is a MetadataKey

type MetadataKeySettings added in v0.8.0

type MetadataKeySettings struct {
	AllowUsageOfPersonalKeys   bool `json:"allow_usage_of_personal_keys"`
	AllowZeroKnowledgeKeyShare bool `json:"zero_knowledge_key_share"`
}

MetadataKeySettings contains the server settings about which metadata keys to use.

type MetadataKeyType added in v0.8.0

type MetadataKeyType string
const (
	MetadataKeyTypeUserKey   MetadataKeyType = "user_key"
	MetadataKeyTypeSharedKey MetadataKeyType = "shared_key"
)

func (MetadataKeyType) IsValid added in v0.8.0

func (s MetadataKeyType) IsValid() bool

type MetadataPrivateKey added in v0.8.0

type MetadataPrivateKey struct {
	ID                      string  `json:"id,omitempty"`
	MetadataKeyID           string  `json:"metadata_key_id,omitempty"`
	UserID                  *string `json:"user_id,omitempty"` // TODO, is this nullable. The Docs says yes and no
	Data                    string  `json:"data,omitempty"`
	Created                 Time    `json:"created,omitempty"`
	Modified                Time    `json:"modified,omitempty"`
	CreatedBy               *string `json:"created_by,omitempty"`
	ModifiedBy              *string `json:"modified_by,omitempty"`
	DataSignedByCurrentUser *Time   `json:"data_signed_by_current_user,omitempty"`
}

MetadataPrivateKey is a MetadataPrivateKey

type MetadataPrivateKeyData added in v0.8.0

type MetadataPrivateKeyData struct {
	// ObjectType Must always be PASSBOLT_METADATA_PRIVATE_KEY
	ObjectType string `json:"object_type,omitempty"`
	// Domain Must be the Passbolt Server URL
	Domain      string `json:"domain,omitempty"`
	Fingerprint string `json:"fingerprint,omitempty"`
	ArmoredKey  string `json:"armored_key,omitempty"`
	// Passphrase must be Empty for Server Keys
	Passphrase string `json:"passphrase,omitempty"`
	// When this key was Signed by our User for Trusting new keys which where trusted on other Devices
	Signed Time `json:"signed,omitempty"`
}

MetadataPrivateKeyData is a MetadataPrivateKeyData

type MetadataSessionKey added in v0.8.0

type MetadataSessionKey struct {
	ID       string `json:"id,omitempty"`
	UserID   string `json:"user_id,omitempty"`
	Data     string `json:"data,omitempty"`
	Created  Time   `json:"created,omitempty"`
	Modified Time   `json:"modified,omitempty"`
}

MetadataSessionKey is a MetadataSessionKey

type MetadataSessionKeyData added in v0.8.0

type MetadataSessionKeyData struct {
	// ObjectType Must always be PASSBOLT_SESSION_KEYS
	ObjectType  string                          `json:"object_type,omitempty"`
	SessionKeys []MetadataSessionKeyDataElement `json:"session_keys,omitempty"`
}

MetadataSessionKeyData is a MetadataSessionKeyData

type MetadataSessionKeyDataElement added in v0.8.0

type MetadataSessionKeyDataElement struct {
	ForeignModel ForeignModelTypes `json:"foreign_model"`
	ForeignID    string            `json:"foreign_id"`
	SessionKey   string            `json:"session_key"`
	Modified     Time              `json:"modified"`
}

MetadataSessionKeyDataElement is a MetadataSessionKeyDataElement

type MetadataTypeSettings added in v0.8.0

type MetadataTypeSettings struct {
	DefaultResourceType        PassboltAPIVersionType `json:"default_resource_types"`
	DefaultFolderType          PassboltAPIVersionType `json:"default_folder_type"`
	DefaultTagType             PassboltAPIVersionType `json:"default_tag_type"`
	DefaultCommentType         PassboltAPIVersionType `json:"default_comment_type"`
	AllowCreationOfV5Resources bool                   `json:"allow_creation_of_v5_resources"`
	AllowCreationOfV5Folders   bool                   `json:"allow_creation_of_v5_folders"`
	AllowCreationOfV5Tags      bool                   `json:"allow_creation_of_v5_tags"`
	AllowCreationOfV5Comments  bool                   `json:"allow_creation_of_v5_comments"`
	AllowCreationOfV4Resources bool                   `json:"allow_creation_of_v4_resources"`
	AllowCreationOfV4Folders   bool                   `json:"allow_creation_of_v4_folders"`
	AllowCreationOfV4Tags      bool                   `json:"allow_creation_of_v4_tags"`
	AllowCreationOfV4Comments  bool                   `json:"allow_creation_of_v4_comments"`
	AllowV4V5Upgrade           bool                   `json:"allow_v4_v5_upgrade"`
	AllowV4V5Downgrade         bool                   `json:"allow_v5_v4_downgrade"`
}

MetadataTypeSettings Contains the Servers Settings about which Types to use

type PassboltAPIVersionType added in v0.8.0

type PassboltAPIVersionType string
const (
	PassboltAPIVersionTypeV4 PassboltAPIVersionType = "v4"
	PassboltAPIVersionTypeV5 PassboltAPIVersionType = "v5"
)

func (PassboltAPIVersionType) IsValid added in v0.8.0

func (s PassboltAPIVersionType) IsValid() bool

type PasswordExpirySettings added in v0.8.0

type PasswordExpirySettings struct {
	ID                       string    `json:"id"`
	DefaultExpiryPeriod      int       `json:"default_expiry_period,omitempty"`
	PolicyOverride           bool      `json:"policy_override"`
	AutomaticExpiry          bool      `json:"automatic_expiry"`
	AutomaticUpdate          bool      `json:"automatic_update"`
	ExpiryNotificationPeriod int       `json:"expiry_notification_period,omitempty"`
	Created                  time.Time `json:"created"`
	Modified                 time.Time `json:"modified"`
	CreatedBy                string    `json:"created_by"`
	ModifiedBy               string    `json:"modified_by"`
}

PasswordExpirySettings contains the Password expiry settings

type PendingSessionKey added in v0.8.0

type PendingSessionKey struct {
	ForeignModel ForeignModelTypes // "Resource", "Folder", "Tag"
	ForeignID    string            // UUID of the resource/folder/tag
	SessionKey   string            // Format: "9:HEXHEX..." (algorithm:hex-encoded key)
	Modified     Time              // When this session key was extracted
}

PendingSessionKey represents a session key that was extracted during decryption and is pending to be saved to the server

type Permission

type Permission struct {
	ID            string `json:"id,omitempty"`
	ACO           string `json:"aco,omitempty"`
	ARO           string `json:"aro,omitempty"`
	ACOForeignKey string `json:"aco_foreign_key,omitempty"`
	AROForeignKey string `json:"aro_foreign_key,omitempty"`
	Type          int    `json:"type,omitempty"`
	Delete        bool   `json:"delete,omitempty"`
	IsNew         bool   `json:"is_new,omitempty"`
	Created       *Time  `json:"created,omitempty"`
	Modified      *Time  `json:"modified,omitempty"`
}

Permission is a Permission

type Profile

type Profile struct {
	ID        string  `json:"id,omitempty"`
	UserID    string  `json:"user_id,omitempty"`
	FirstName string  `json:"first_name,omitempty"`
	LastName  string  `json:"last_name,omitempty"`
	Created   *Time   `json:"created,omitempty"`
	Modified  *Time   `json:"modified,omitempty"`
	Avatar    *Avatar `json:"avatar,omitempty"`
}

Profile is a Profile

type PublicKeyReponse

type PublicKeyReponse struct {
	Fingerprint string `json:"fingerprint"`
	Keydata     string `json:"keydata"`
}

PublicKeyReponse the Body of a Public Key Api Request

type Resource

type Resource struct {
	ID             string       `json:"id,omitempty"`
	Created        *Time        `json:"created,omitempty"`
	CreatedBy      string       `json:"created_by,omitempty"`
	Creator        *User        `json:"creator,omitempty"`
	Deleted        bool         `json:"deleted,omitempty"`
	Description    string       `json:"description,omitempty"`
	Favorite       *Favorite    `json:"favorite,omitempty"`
	Modified       *Time        `json:"modified,omitempty"`
	ModifiedBy     string       `json:"modified_by,omitempty"`
	Modifier       *User        `json:"modifier,omitempty"`
	Name           string       `json:"name,omitempty"`
	Permission     *Permission  `json:"permission,omitempty"`
	URI            string       `json:"uri,omitempty"`
	Username       string       `json:"username,omitempty"`
	FolderParentID string       `json:"folder_parent_id,omitempty"`
	ResourceTypeID string       `json:"resource_type_id,omitempty"`
	ResourceType   ResourceType `json:"resource_type,omitempty"`

	MetadataKeyID   string          `json:"metadata_key_id,omitempty"`
	MetadataKeyType MetadataKeyType `json:"metadata_key_type,omitempty"`
	Metadata        string          `json:"metadata,omitempty"`

	Secrets []Secret `json:"secrets,omitempty"`
	Tags    []Tag    `json:"tags,omitempty"`
	Expired *Time    `json:"expired,omitempty"`
}

Resource is a Resource. Warning: Since Passbolt v3 some fields here may not be populated as they may be in the Secret depending on the ResourceType, for now the only Field like that is the Description. With Passbolt v5 it is now Possible that all Unencrypted User Supplied Fields are empty, and need to be decrypted from the Metadata Message

type ResourceShareRequest

type ResourceShareRequest struct {
	Permissions []Permission `json:"permissions,omitempty"`
	Secrets     []Secret     `json:"secrets,omitempty"`
}

ResourceShareRequest is a ResourceShareRequest

type ResourceShareSimulationChange

type ResourceShareSimulationChange struct {
	User ResourceShareSimulationUser `json:"user,omitempty"`
}

ResourceShareSimulationChange is a single change

type ResourceShareSimulationChanges

type ResourceShareSimulationChanges struct {
	Added   []ResourceShareSimulationChange `json:"added,omitempty"`
	Removed []ResourceShareSimulationChange `json:"removed,omitempty"`
}

ResourceShareSimulationChanges contains the Actual Changes

type ResourceShareSimulationResult

type ResourceShareSimulationResult struct {
	Changes ResourceShareSimulationChanges `json:"changes,omitempty"`
}

ResourceShareSimulationResult is the Result of a Sharing Simulation

type ResourceShareSimulationUser

type ResourceShareSimulationUser struct {
	ID string `json:"id,omitempty"`
}

ResourceShareSimulationUser contains the users id

type ResourceType

type ResourceType struct {
	ID          string          `json:"id,omitempty"`
	Slug        string          `json:"slug,omitempty"`
	Description string          `json:"description,omitempty"`
	Definition  json.RawMessage `json:"definition,omitempty"`
	Created     *Time           `json:"created,omitempty"`
	Modified    *Time           `json:"modified,omitempty"`
}

ResourceType is the Type of a Resource

func (*ResourceType) HasMetadataField added in v0.8.0

func (rt *ResourceType) HasMetadataField(field string) bool

HasMetadataField returns true if the resource type's metadata schema contains the given field.

func (*ResourceType) HasSecretField added in v0.8.0

func (rt *ResourceType) HasSecretField(field string) bool

HasSecretField returns true if the resource type's secret schema contains the given field.

func (*ResourceType) IsSecretString added in v0.8.0

func (rt *ResourceType) IsSecretString() bool

IsSecretString returns true if the resource type's secret is a plain string (not JSON). This is determined by checking the "type" field of the secret section in the definition schema. Returns false if the definition cannot be parsed.

func (*ResourceType) IsV5 added in v0.8.0

func (rt *ResourceType) IsV5() bool

IsV5 returns true if this is a v5 resource type (has encrypted metadata). V5 resource types use a "v5-" slug prefix.

type ResourceTypeSchema added in v0.7.0

type ResourceTypeSchema struct {
	Resource map[string]any `json:"resource"`
	Secret   map[string]any `json:"secret"`
}

type Role

type Role struct {
	ID          string `json:"id,omitempty"`
	Name        string `json:"name,omitempty"`
	Created     *Time  `json:"created,omitempty"`
	Description string `json:"description,omitempty"`
	Modified    *Time  `json:"modified,omitempty"`
	CreatedBy   string `json:"created_by,omitempty"`
	ModifiedBy  string `json:"modified_by,omitempty"`
	Deleted     bool   `json:"deleted,omitempty"`
	DeletedBy   string `json:"deleted_by,omitempty"`
	Avatar      Avatar `json:"avatar,omitempty"`
}

Role is a Role

type SearchAROsOptions

type SearchAROsOptions struct {
	FilterSearch string `url:"filter[search],omitempty"`
}

SearchAROsOptions are all available query parameters

type Secret

type Secret struct {
	ID         string `json:"id,omitempty"`
	UserID     string `json:"user_id,omitempty"`
	ResourceID string `json:"resource_id,omitempty"`
	Data       string `json:"data,omitempty"`
	Created    *Time  `json:"created,omitempty"`
	Modified   *Time  `json:"modified,omitempty"`
}

Secret is a Secret

type SecretDataTOTP added in v0.7.0

type SecretDataTOTP struct {
	Algorithm string `json:"algorithm"`
	SecretKey string `json:"secret_key"`
	Digits    int    `json:"digits"`
	Period    int    `json:"period"`
}

SecretDataTOTP represents the TOTP sub-object in secret data

type SecretDataTypePasswordAndDescription deprecated

type SecretDataTypePasswordAndDescription struct {
	Password    string `json:"password"`
	Description string `json:"description,omitempty"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypePasswordAndDescription is the format a secret of resource type "password-and-description" is stored in

type SecretDataTypePasswordDescriptionTOTP deprecated added in v0.7.0

type SecretDataTypePasswordDescriptionTOTP struct {
	Password    string         `json:"password"`
	Description string         `json:"description,omitempty"`
	TOTP        SecretDataTOTP `json:"totp"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypePasswordDescriptionTOTP is the format a secret of resource type "password-description-totp" is stored in

type SecretDataTypeTOTP deprecated added in v0.7.0

type SecretDataTypeTOTP struct {
	TOTP SecretDataTOTP `json:"totp"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypeTOTP is the format a secret of resource type "totp" is stored in

type SecretDataTypeV5Default deprecated added in v0.8.0

type SecretDataTypeV5Default struct {
	ObjectType     string `json:"object_type"`
	ResourceTypeID string `json:"resource_type_id,omitempty"`
	Password       string `json:"password,omitempty"`
	Description    string `json:"description,omitempty"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypeV5Default represents the secret data for a V5 default resource.

type SecretDataTypeV5DefaultWithTOTP deprecated added in v0.8.0

type SecretDataTypeV5DefaultWithTOTP struct {
	ObjectType     string         `json:"object_type"`
	ResourceTypeID string         `json:"resource_type_id,omitempty"`
	Password       string         `json:"password,omitempty"`
	Description    string         `json:"description,omitempty"`
	TOTP           SecretDataTOTP `json:"totp"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypeV5DefaultWithTOTP represents the secret data for a V5 default resource with TOTP.

type SecretDataTypeV5PasswordString deprecated added in v0.8.0

type SecretDataTypeV5PasswordString string

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypeV5PasswordString is just the password directly.

type SecretDataTypeV5TOTPStandalone deprecated added in v0.8.0

type SecretDataTypeV5TOTPStandalone struct {
	ObjectType     string         `json:"object_type"`
	ResourceTypeID string         `json:"resource_type_id,omitempty"`
	TOTP           SecretDataTOTP `json:"totp"`
}

Deprecated: marshal/unmarshal secret data via map[string]any with helper.GetResourceFieldMaps or helper.CreateResourceGeneric instead. Will be removed in a future major version.

SecretDataTypeV5TOTPStandalone represents the secret data for a V5 standalone TOTP resource.

type ServerPassboltPluginSettings added in v0.8.0

type ServerPassboltPluginSettings struct {
	Enabled bool   `json:"enabled"`
	Version string `json:"version"`
}

ServerPassboltPluginSettings contains the Settings of a Specific Passbolt Plugin

type ServerPassboltSettings added in v0.8.0

type ServerPassboltSettings struct {
	Plugins map[string]ServerPassboltPluginSettings `json:"plugins"`
}

ServerPassboltSettings contains Passbolt specific server settings

func (*ServerPassboltSettings) IsPluginEnabled added in v0.8.0

func (ps *ServerPassboltSettings) IsPluginEnabled(name string) bool

type ServerSettingsResponse added in v0.8.0

type ServerSettingsResponse struct {
	Passbolt ServerPassboltSettings `json:"passbolt"`
}

ServerSettingsResponse contains all Servers Settings

type SetupCompleteRequest

type SetupCompleteRequest struct {
	AuthenticationToken AuthenticationToken `json:"authenticationtoken,omitempty"`
	GPGKey              GPGKey              `json:"gpgkey,omitempty"`
	User                User                `json:"user,omitempty"`
}

type SetupInstallResponse

type SetupInstallResponse struct {
	User `json:"user,omitempty"`
}

type Tag

type Tag struct {
	ID       string `json:"id,omitempty"`
	Slug     string `json:"slug,omitempty"`
	IsShared bool   `json:"is_shared,omitempty"`
}

Tag is a Passbolt Password Tag

type Time

type Time struct {
	time.Time
}

Time is here to unmarshall time correctly

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

MarshalJSON Marshals Passbolt *Time

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(buf []byte) error

UnmarshalJSON Parses Passbolt *Time

type URL

type URL struct {
	Medium string `json:"medium,omitempty"`
	Small  string `json:"small,omitempty"`
}

URL is a Passbolt URL

type UpdateGroupDryRun

type UpdateGroupDryRun struct {
	// for which users the secrets need to be reencrypted
	SecretsNeeded []UpdateGroupSecretsNeededContainer `json:"SecretsNeeded,omitempty"`
	// secrets needed to be reencrypted
	Secrets []GroupSecret `json:"Secrets,omitempty"`
}

UpdateGroupDryRun contains the Actual Secrets Needed to update the group

type UpdateGroupDryRunResult

type UpdateGroupDryRunResult struct {
	DryRun UpdateGroupDryRun `json:"dry-run,omitempty"`
}

UpdateGroupDryRunResult is the Result of a Update Group DryRun

type UpdateGroupDryRunSecretsNeeded

type UpdateGroupDryRunSecretsNeeded struct {
	ResourceID string `json:"resource_id,omitempty"`
	UserID     string `json:"user_id,omitempty"`
}

UpdateGroupDryRunSecretsNeeded a secret that needs to be reencrypted for a specific user

type UpdateGroupSecretsNeededContainer

type UpdateGroupSecretsNeededContainer struct {
	Secret UpdateGroupDryRunSecretsNeeded `json:"Secret,omitempty"`
}

UpdateGroupSecretsNeededContainer is a unnessesary container...

type User

type User struct {
	ID           string    `json:"id,omitempty"`
	Created      *Time     `json:"created,omitempty"`
	Active       bool      `json:"active,omitempty"`
	Deleted      bool      `json:"deleted,omitempty"`
	Disabled     *Time     `json:"disabled,omitempty"`
	Description  string    `json:"description,omitempty"`
	Favorite     *Favorite `json:"favorite,omitempty"`
	Modified     *Time     `json:"modified,omitempty"`
	Username     string    `json:"username,omitempty"`
	RoleID       string    `json:"role_id,omitempty"`
	Profile      *Profile  `json:"profile,omitempty"`
	Role         *Role     `json:"role,omitempty"`
	GPGKey       *GPGKey   `json:"gpgkey,omitempty"`
	LastLoggedIn string    `json:"last_logged_in,omitempty"`
	Locale       string    `json:"locale,omitempty"`

	// Admin only, needs contains
	MissingMetadataKeyIDs []string `json:"missing_metadata_key_ids,omitempty"`

	// GroupsUsers contains group membership data (returned by SearchAROs endpoint)
	GroupsUsers []GroupMembership `json:"groups_users,omitempty"`
}

User contains information about a passbolt User

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL